I work in digital marketing and I run the WordPress site for one of my clients. There was some drama with the site the week that I started and it turned out the site had been hacked. Anyway, my client hired a company to take the malware out of the website and then I went in and updated all of the plugins and deleted unnecessary ones.
At that point, the security company changed the password and instructed my client to reset his password. He has no idea what I am talking about, and the site is linked to an email address that I don’t have access to. He just kept telling me to go ahead and change the password.
SO… we met with his hosting company. The guy at the hosting company was able to reset the password on our call using the cPanel.
Then I changed the password again because my client sent the password in an email, and the security company said to change it again.
SO… My password manager did not save the new password for some reason. And the password reset is still linked to an email address that no one at the company has access to, and the hosting company says that cPanel is showing a bunch of failed emails. But also he just sends emails mansplaining what is happening and doesn’t just reset the password like I asked.
My clients are still asking for website maintenance, which I have explained that I won’t be able to do without someone who can access the email or the cPanel. I also asked for other information to restore the account, since WordPress will let you do it with receipts, etc… They have no idea.
SO I am tryinng to figure out how to break into the website through the backdoor so I can just fix it and move on with the multiple website requests my client is asking for. Surely there’s a way. Google is useless, it just tells you how to not get hacked.
PS: The client is an IT company
TL;DR: I can’t access the latest password on my client’s WordPress account and need to be able to get into the site. Client is clueless about the emails that would be sent for account verification, etc. If there is another way to sneak into the site, please let me know! I don’t have access to the cPanel.
Do you have FTP access?
You can set up code on your functions.php that changes your client email. Or just creates a new user for your client.
If you have access to cPanel, log in, use phpmyadmin to get into the database. Look at the users table and change the email address no one has access to to one they do.
You need to just keep working with the client/host to try and get access unfortunately. Once you do, perhaps instill some better security awareness and get your client to start using a password manager so that that sort of info doesn’t just get forgotten in future.
If gaining access to a website was as easy as Googling “how to hack into a website I don’t have the login details for”, then we’d all be a bit screwed… lol.